02-06-2017 11:20 PM - edited 03-12-2019 06:16 AM
We need to have email alerts for intrusions only for critical servers.
The only options I see are per category in Policy>Actions>Alerts.
Is this possible?
02-07-2017 03:34 PM
Step 1 Choose Policies > Actions > Alerts.
Step 2 From the Create Alert drop-down menu, choose Create Email Alert.
Step 3 Enter a Name for the alert response.
Step 4 In the To field, enter the email addresses where you want to send alerts, separated by commas.
Step 5 In the From field, enter the email address that you want to appear as the sender of the alert.
Step 6 Next to Relay Host, verify the listed mail server is the one that you want to use to send the alert.
To change the email server, click the edit icon
02-08-2017 01:50 AM
The procedure you provided is for setting up an email alert.
The current situation is that any hosts that are affected by intrusions are sending email alerts.
What we want to happen is that email alerts are sent only when there are intrusions for DMZ servers.
02-13-2017 02:39 AM
You can do this by creating a correlation policy matching only, for example, the Impact1 events and the servers you are interested in.